AWS apprunner medium security documentation change
Summary
Updated documentation to state that VPC endpoint policies are now supported for App Runner, allowing control of which AWS principals can access the endpoint via policies.
Security assessment
The change introduces support for VPC endpoint policies, which directly enables administrators to restrict access to the App Runner endpoint based on AWS principals. This enhances security by allowing fine-grained access control, addressing a previous limitation where such policies were unsupported. The explicit mention of access control mechanisms qualifies it as security-related.
Diff
diff --git a/apprunner/latest/dg/security-vpce.md b/apprunner/latest/dg/security-vpce.md index 1b5b52211..1b7f860a4 100644 --- a//apprunner/latest/dg/security-vpce.md +++ b//apprunner/latest/dg/security-vpce.md @@ -46 +46 @@ To ensure privacy of network traffic in your VPC, consider the following: -VPC endpoint policies are not supported for App Runner. By default, full access to App Runner is allowed through the interface endpoint. Alternatively, you can associate a security group with the endpoint network interfaces to control traffic to App Runner through the interface endpoint. +VPC endpoint policies are supported for App Runner. By default, full access to App Runner is allowed through the interface endpoint. VPC endpoint policies can be used to control which AWS principals can access the App Runner endpoint. Alternatively, you can associate a security group with the endpoint network interfaces to control traffic to App Runner through the interface endpoint.